[24023] in bugtraq
Re: sastcpd Buffer Overflow and Format String Vulnerabilities
daemon@ATHENA.MIT.EDU (elliptic)
Tue Jan 29 13:35:19 2002
Date: Tue, 29 Jan 2002 10:54:38 -0700 (MST)
From: elliptic <elliptic@localhost.localdomain>
To: bugtraq@securityfocus.com
Message-ID: <Pine.LNX.4.44.0201291050220.23931-100000@localhost.localdomain>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

> "SAS software provides the foundation, tools, and
> solutions for data analysis, report generation,
> and enterprise-wide information delivery."
>
> The "SAS Job Spawner", sastcpd, contains both a buffer
> overflow and a format string vulnerability.
>
> SAS Support say that these problems were fixed in version
> 8.2 of this product, but we are unable to confirm as we
> do not have access to this version.

This problem appears to be addressed by the following product note:
http://www.sas.com/service/techsup/unotes/SN/004/004201.html

Some additional information Digital Shadow neglected to include:

sastcpd is part of the SAS/Base component. Although I neither work for
SAS, nor do I use their product on a regular basis, I'd assume this means
the scope of exposure is broad.

Additionally, it appears that the objspawn program included with the
SAS/Integration Technologies product is also vulnerable to these bugs.
objspawn is also a setuid root executable by default. See the above link
for more information.

Cheers,
ellipse